From 4eb13372f66359230ac80817e89164b97c5a05bb Mon Sep 17 00:00:00 2001
From: dgt
Date: Mon, 5 Nov 2018 19:46:41 +0100
Subject: [PATCH] Fix: Update loofah loofah Version: 2.2.2 Advisory: CVE-2018-16468 Criticality: Unknown URL: https://github.com/flavorjones/loofah/issues/154 Title: Loofah XSS Vulnerability Solution: upgrade to >= 2.2.3
---
 Gemfile | 9 +++++++++
 Gemfile.lock | 3 ++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/Gemfile b/Gemfile
index 6b51f948f..5c5516d0e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -61,6 +61,15 @@ gem 'thinking-sphinx', '~> 3.4.2'
 # Enhanced Tagging lib. Used to tag pages
 gem 'acts-as-taggable-on', '~> 4.0'
 
+##
+# security updates
+##
+#
+# CVE-2018-16468 Criticality: Unknown URL:
+# https://github.com/flavorjones/loofah/issues/154 Title: Loofah XSS
+# Vulnerability
+gem 'loofah', '~> 2.2.3'
+
 ##
 # Upgrade pending
 ##
diff --git a/Gemfile.lock b/Gemfile.lock
index 5132759a8..b0f484809 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -122,7 +122,7 @@ GEM
 activerecord (>= 4.1.0)
 json (1.8.6)
 libv8 (3.16.14.17)
- loofah (2.2.2)
+ loofah (2.2.3)
 crass (~> 1.0.2)
 nokogiri (>= 1.5.9)
 mail (2.7.0)
@@ -267,6 +267,7 @@ DEPENDENCIES
 http_accept_language (~> 2.0)
 i18n (~> 0.7)
 json (~> 1.8)
+ loofah (~> 2.2.3)
 mail-gpg (~> 0.3.3)
 mime-types
 minitest
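Review bot: The constraint `gem 'loofah', '~> 2.2.3'` in the new "security updates" section of the Gemfile only admits 2.2.x releases, which is narrower than the remedy the commit message itself quotes ("upgrade to >= 2.2.3"). A later security fix shipped in a 2.3 or newer release would be held back by this pin. The Gemfile.lock DEPENDENCIES hunk shows loofah had no direct entry before, so it is presumably a transitive dependency and a floor is enough: `gem 'loofah', '>= 2.2.3'`. The comment above the pin would also read better with one advisory field per line, plus a note that the entry exists only to enforce a minimum version and can be dropped once the parent gem requires the fixed release.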